How to configure SSH to use a non-standard port with SELinux

Switching the SSH listening port on your Linux servers is a simple way to make remote login more secure. When SELinux is involved, however, you must perform a few more steps. Jack Wallen demonstrates how.

SSH includes a series of security features, one of which is the ability to configure the service to use a non-standard port. SSH uses port 22 out of the box. You can configure this service to use a different port, such as 33000, if you want to make it more difficult for would-be hackers.

This technique is simple on Linux distributions that don’t use SELinux. If SELinux is involved, however, you can’t just change the port without letting the security system in on your little secret.

And that’s exactly what I’m going to do here: I’ll configure Fedora 35 to use port 33000 for incoming SSH traffic. This procedure will work on any SELinux-enabled Linux distribution (such as RHEL, Alma Linux, and Rocky Linux).

With that said, let’s get to work.

What you’ll need

To make this change, you will need a running instance of a Linux distribution that includes SELinux, as well as the installed SSH server and a user with sudo access.

How to change default SSH port

The first thing we’ll do is change the default port used by SSH, which is found in the sshd_config file. Open this file for editing with the command:

sudo nano /etc/ssh/sshd_config

In this file, look for the line:

#Port 22

Change this line to read:

Port 33000

Save and close the file.

Do not restart the daemon yet, as we need to deal with SELinux first.

How to alert SELinux of the change

The first thing we’ll do is make sure SELinux is SSH aware. Issue the command:

sudo semanage port -l | grep ssh

You should see listed:

ssh_port_t tcp 22

So SELinux is allowing SSH traffic on port 22. Let’s add port 33000 with the command:

sudo semanage port -a -t ssh_port_t -p tcp 33000

Now, if we check which port is being used, it should come back as:

ssh_port_t tcp 33000, 22

Although SELinux is allowing port 22, SSH will not listen on this port, so it is not a problem.

How to open the firewall on port 33000

Next, we must open the firewall to allow SSH traffic through port 33000. To do this, we issue the command:

sudo firewall-cmd --add-port=33000/tcp --permanent

Then reload the firewall with:

sudo firewall-cmd --reload

Next, we will disable the default SSH port through the firewall with:

sudo firewall-cmd --remove-service=ssh --permanent

Again, reload the firewall with:

sudo firewall-cmd --reload

How to restart the SSH daemon and login

Now we can restart the SSH daemon with:

sudo systemctl restart sshd

Log into the newly configured server with:

ssh USER@SERVER -p 33000

Where USER is a remote username and SERVER is the IP address (or domain) of the remote server.
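
Added example (not part of the original article): a check to run before restarting sshd that compares the Port lines in sshd_config with the ports SELinux labels ssh_port_t, so a missing semanage step is caught while the old session still works. The function names are hypothetical, the sample data is constructed, and Include directives in sshd_config are not followed.

```bash
#!/usr/bin/env bash
# Added example: function names are hypothetical, sample data is constructed.

# Print each Port value from sshd_config text on stdin (keyword is case-insensitive).
# Commented lines are ignored, parsing stops at the first Match block, and 22 is
# printed when no Port line is set, since that is the default.
sshd_ports() {
  awk '
    tolower($1) == "match" { exit }
    tolower($1) == "port"  { print $2; found = 1 }
    END { if (!found) print 22 }'
}

# Succeed if TCP port $1 is labelled ssh_port_t in `semanage port -l` output on stdin.
# Handles comma-separated lists ("33000, 22") and ranges ("33000-33010").
port_is_ssh_labelled() {
  awk -v want="$1" '
    $1 == "ssh_port_t" && $2 == "tcp" {
      for (i = 3; i <= NF; i++) {
        p = $i; sub(/,$/, "", p)
        n = split(p, r, "-")
        lo = r[1] + 0; hi = (n == 2 ? r[2] : r[1]) + 0
        if (want + 0 >= lo && want + 0 <= hi) ok = 1
      }
    }
    END { exit (ok ? 0 : 1) }'
}

# $1 = sshd_config text, $2 = `semanage port -l` output.
# Returns non-zero if any configured port lacks the ssh_port_t label.
check_ssh_ports() {
  rc=0
  for port in $(printf '%s\n' "$1" | sshd_ports); do
    if printf '%s\n' "$2" | port_is_ssh_labelled "$port"; then
      echo "OK   $port is labelled ssh_port_t"
    else
      echo "FAIL $port is not labelled ssh_port_t; sshd cannot bind to it while SELinux is enforcing"
      rc=1
    fi
  done
  return $rc
}

# Constructed samples: the edited config, then semanage output before and after the -a step.
SAMPLE_CONFIG='#Port 22
Port 33000
PermitRootLogin no'
SAMPLE_BEFORE='ssh_port_t                     tcp      22'
SAMPLE_AFTER='ssh_port_t                     tcp      33000, 22'

check_ssh_ports "$SAMPLE_CONFIG" "$SAMPLE_BEFORE" || echo "-> run the semanage port -a step first"
check_ssh_ports "$SAMPLE_CONFIG" "$SAMPLE_AFTER"
```

On a live host, pass "$(sudo sshd -T)" and "$(sudo semanage port -l)" in place of the samples; sshd -T prints the effective configuration with a lowercase "port" line, which the parser also accepts.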

And this is how you configure SSH to use a non-standard port on a Linux distribution that uses SELinux. You should consider changing all your servers to use a non-standard port for the SSH service. When you couple this with other SSH hardening tricks, you’ll go a long way in preventing unwanted users from gaining access to your servers.
